Back to home

Privacy Policy

Last updated: 2026-04-30

We respect your privacy and are committed to protecting it through compliance with this Policy. This Policy describes the personal information we may collect from you on the tattoopointer.com website (the 'Platform' or 'Service') and its related products and services (together, the 'Services'), and our practices for collecting, using, maintaining, protecting, and disclosing that information. This Policy is a binding agreement between you ('User', 'you') and Dirty Hippos BV — Sint-Apollonialaan 188B, 2400 Mol, Belgium — enterprise number BE 0695.953.323 ('TattooPointer', 'we', 'us'). By accessing the Platform and Services you acknowledge that you have read, understood, and agreed to be bound by this Policy. If you do not agree, you must not access or use the Platform. This Policy does not apply to the practices of companies we do not own or control, or to individuals we do not employ.

Automatic collection of information

When you visit the Platform our servers automatically log information sent by your browser. This may include the IP address of your device, browser type and version, operating system type and version, language preferences, the page you visited before arriving at the Platform, the pages you visit on the Platform, time spent on those pages, content you search for, access times and dates, and other usage statistics. This information is used to identify potential abuse and to compile aggregate statistics about Platform usage. It is not aggregated in a way that would identify a specific User.

Personal information you provide

You can browse parts of the Platform without telling us who you are. To use certain features (creating an account, posting a listing, sending a message, making a booking) we need certain personal data: • Account details (username, unique user ID, password hash, locale preference) • Contact details (email address, phone number) • Basic personal information (name, country of residence) • For artists and studios: business details (KBO/CBE number, business address, portfolio content) • For bookings: session preferences, references, deposit information • Health-consent data where applicable (special-category data limited to what is required by Belgian and French health regulations, encrypted at rest) You may choose not to provide certain personal data, but in that case some features will be unavailable.

How we use your information

We act as data controller when we determine the purposes and means of processing (e.g. when we ask you to register or to fill in a booking form). We act as data processor when you submit content through the Platform that you control (e.g. portfolio uploads), in which case you are the controller and we process the data in line with your instructions. We use your information to: • Provide and operate the Platform and Services • Improve the User experience • Process bookings, deposits, and payments • Send transactional communications (booking confirmations, security alerts, receipts) • Send marketing communications where you have opted in • Detect, prevent, and respond to misuse, fraud, or security incidents • Comply with legal obligations and respond to lawful requests The legal basis for processing depends on the context: (a) your consent, (b) performance of a contract with you, (c) compliance with a legal obligation, (d) a task carried out in the public interest, or (e) our legitimate interests or those of a third party. We will tell you which basis applies on request.

Managing your information

You can review, update, or delete certain personal data through Settings > Privacy in your account. When you delete personal data, we may retain a copy in our records for the time necessary to meet our obligations to our partners and for the purposes described in this Policy.

Disclosure of information

Depending on the requested Services, or as needed to complete a transaction, we may share information with contracted service providers who help us operate the Platform — payment processors, hosting providers, email senders, customer-support tools, analytics tools — whose privacy practices are consistent with ours or who have agreed to our standards. Service providers receive only the information necessary to perform their function and are not authorised to use it for their own marketing or other purposes. We do not sell information to unrelated third parties. We may also disclose information where required or permitted by law, including in response to a subpoena or similar legal process, or where we believe in good faith that disclosure is necessary to protect our rights, your safety or that of others, to investigate fraud, or to respond to a government request.

Retention of information

We retain personal data for as long as needed to fulfil our obligations to you, while your account is active, to enforce our policies, resolve disputes, and as otherwise required or permitted by law. Specific retention periods include: • Account data: until you delete your account • Health-consent records (where applicable): 3 years (Belgian healthcare regulation), then auto-deleted • Payment records: 7 years (tax compliance) • Chat messages: 2 years from last activity • Marketing-consent logs: until consent is withdrawn plus 3 years Aggregated, anonymised data derived from your personal data may be used after deletion, but not in a way that re-identifies you.

Your rights under the GDPR

Under the GDPR you have the following rights with respect to your personal data: • Right of access — request a copy of the data we hold about you • Right to rectification — correct inaccurate or incomplete data • Right to erasure — request deletion of your data • Right to restrict processing — limit how we process your data • Right to data portability — receive your data in a portable format • Right to object — object to certain processing (e.g. direct marketing) • Right to withdraw consent — at any time, without affecting prior processing • Right to lodge a complaint with the Belgian Data Protection Authority (www.autoriteprotectiondonnees.be / www.gegevensbeschermingsautoriteit.be) To exercise your rights, use Settings > Privacy > My Data, or contact us at [email protected]. We will respond within the time limits set by applicable data-protection law.

Cookies

Our Platform uses cookies to personalise your online experience. A cookie is a small text file placed on your device by a web server. Cookies cannot run programs or deliver viruses. They are uniquely assigned to you and can only be read by the server in the domain that issued them. We use cookies for security, personalisation, and statistical purposes. You may accept or refuse cookies; most browsers accept them by default but you can change your browser settings. For details see our Cookie Policy.

Data analytics

The Platform may use third-party analytics tools that use cookies, web beacons, or similar technologies to collect standard internet activity and usage data. The information collected is used to compile aggregated reports on User activity (visit frequency, page popularity, time on page, etc.) so we can monitor performance and improve the Platform. We do not use these tools to track or collect personally identifiable information of our Users, and we do not associate the statistical reports with individual Users.

Privacy of minors

We do not knowingly collect personal data from people under 18. If you are under 18, do not submit any personal data through the Platform. If you have reason to believe that a person under 18 has provided personal data to us, please contact us so we can delete it. We encourage parents and legal guardians to monitor their children's internet use and to instruct them never to provide personal data without consent.

Do-not-track signals

Some browsers offer a 'do not track' feature that signals websites you visit that you do not wish your online activity to be tracked. There is no uniform standard for how browsers communicate the signal, so the Platform does not currently respond to do-not-track signals. We nevertheless limit our use and collection of personal data as described in this Policy. For more information on do-not-track protocols, visit internetcookies.com.

Social media features

The Platform may include social-media features such as share buttons. These may collect your IP address and the page you visit on our Platform, and may set a cookie. Your interactions with these features are governed by the privacy policies of the relevant providers.

Email marketing

We offer optional newsletters that you can subscribe to voluntarily. We will keep your email address confidential and will not disclose it to third parties except as permitted in this Policy or via a service provider that sends emails on our behalf. You can unsubscribe from marketing emails at any time by following the unsubscribe instructions in those emails or by contacting us. You will continue to receive essential transactional emails (booking confirmations, security alerts, receipts).

Links to other resources

The Platform contains links to other resources we do not control. We are not responsible for the privacy practices of those resources. We recommend you read the privacy notices of each resource that may collect personal data.

Information security

We secure information on servers in a controlled, secured environment, protected against unauthorised access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards. However, no transmission of information over the internet or wireless network can be guaranteed. You acknowledge that (a) there are security and privacy limitations of the internet that are beyond our control; (b) the security, integrity, and privacy of any information exchanged between you and the Platform cannot be guaranteed; and (c) such information may be viewed or tampered with by a third party in transit despite all reasonable efforts. Because security depends in part on the device you use and how you protect your credentials, you must take appropriate measures to protect your information.

Data breach

If we become aware that the Platform's security has been compromised or that personal data has been disclosed to unrelated third parties as a result of external activity (security attacks, fraud), we will take reasonable measures including investigation, reporting, and cooperation with law enforcement. Where there is a reasonable risk of harm or where notification is required by law, we will notify affected individuals — generally by email and by a notice on the Platform — within 72 hours of becoming aware of the breach where the GDPR applies.

Changes and additions

We may modify this Policy at any time at our discretion. When we do, we will revise the date at the top of this page and may also notify you by email or other means. An updated version of this Policy takes effect immediately upon posting unless otherwise indicated. Continued use of the Platform after the effective date constitutes your acceptance of the changes. We will not use your personal data in a materially different way than stated at the time of collection without your consent.

Acceptance of this policy

You acknowledge that you have read this Policy and agree to all of its terms. By accessing and using the Platform, and by submitting your information, you consent to be bound by this Policy. If you do not agree, you must not access or use the Platform.

Contact

If you have any questions, concerns, or complaints about this Policy or the information we hold about you, or if you wish to exercise your rights, please contact us at: Dirty Hippos BV Sint-Apollonialaan 188B, 2400 Mol, Belgium Enterprise number: BE 0695.953.323 Email: [email protected] We will try to resolve complaints and disputes and will use all reasonable efforts to honour your requests as quickly as possible and in any event within the time limits prescribed by applicable data-protection laws.